Crashing NetProwler 3.0

Sending two fragmented packets to machine monitored by NetProwler, the service can
be made to crash. The packets must be sent to machine being mornitored by NetProwler using
a spoofed source address of the actual NetProwler monitoring system.

In addition, the discoverer points out the NetProwler uses
the Microsoft Jet database engine, which has serious security risks in and of itself.

VENDOR RESPONSE

Axent Technologies is aware of this matter, however no
response was known at the time of this writing.